Problem with Win XP SP2 Firewall

Quote:

---

Why aren't they? Sure, it's an improvement, but we all know they're capable of doing more, so what's holding them back?

---

The real question at hand is "Is the normal public ready for that big of a step?"

Imagine them placing a stateful inbound and outbound firewall that has popups as to program control to the internet (a zone alarm clone). Think of how many people who use the Windows OS are not currently at a level of computer knowledge to deal with what will happen next.

AIM suddenly won't connect. MSN won't transfer files. Not all websites work now. IRC won't work. Video conferencing won't connect. A billion things that involve having a firewall and configuring it to allow certain programs and services, is beyond the reach of what the public is ready to handle.

So, rather than crippling the entire Windows OS userbase, they are little by little teaching them how things work. By showing them the beginnings of security, people will get "used" to that level.. thus allowing MS to add another leve lof security as time goes on so they can get "used" to yet another level of security.. and so forth and so on.

We know they could patch up a firewall to destroy the skills of zonealarm and kerio, so why not? Because they would rather begin the steps towards better security gradually rather than an enourmous drop of it and lose their userbase (in which the people who would know how to deal with it are a very very small minority.)

"A journey of a thousand miles or a thousand days starts with a single step" - Tao Te Ching

I'm not blaming them for anything... I just pointed out that it doesn't provide (any, imo) outbound filtering. If I'm correct, it isn't supposed to do outbound filtering, so there's no reason to blame MicroSoft.
A simple example is the DivX codecs I use. It installs Gator, and I simply block all outbound Gator traffic. I can't do that with the Windows Firewall, unless I'm overlooking something.
To me, that's enough reason to keep on using another firewall that does have outbound filtering. I'm downloading Open Office right now, so I can read that whitepaper :)

Quote:

---

To me, that's enough reason to keep on using another firewall that does have outbound filtering. I'm downloading Open Office right now, so I can read that whitepaper

---

Now I can agree on that :) Certain things call for outbound filtering, but as I said in the post just above yours (we probably posted at the same time lol ) the public isn't ready for that level of complication in security. Soon though.. soon. :) Enjoy that read, and good to see another fan of OO!

Good point Pooh, good point.

Hmm...well maybe they could have the firewall default or have a basic configuration mode for those non-savvy users, then have an advanced config available for those of who know what to do with it? Wouldn't that be a way to better fix the problem? I dunno, just an idea...I guess that's neither here nor there though, since MS doesn't take my advice. ;)

Absolutely, they could do a whole lot more.. I mean afterall, they've got bazillionz of $'s and happen to be the largest software corporation in the world. You'd think they'd be able to get simple **** like that right especially @ Release Candidate 2... hell there was even one before it.

Pooh, seriously do you work for them? Their attempts to tighten up security now come too late.. they've had YEARS to do that.. but according to them, opted for compatibility and technology and whatever... I wasn't bashing them... poking fun maybe. But should I bash them? Could I? Am I allowed to? Of course. I use their products, their OS's. I bitch about them b/c they always act like they're improving something or bettering it and they do it half-assed. Example A: http://www.securitytracker.com/alert...n/1010550.html <- that MS router vuln is a whole 2 days old! That's progress for them. Usually it's every day and not a whole every-other that there's some IE vuln posted or some XP security flaw. I've read plenty of the technical details and whitepapers on this sort of stuff. Have you even ran ICF 2? I have so this is why I feel I'm more than entitled to comment on the subject. Don't take things so personal. MS isn't that gr8... they don't care about you so why stick up for them and some of their sorry products (not that they all are)? :rolleyes:

Well, Pooh wasn't taking up for them per se, he just has a LOT of experience working with this stuff (which one can gather from his many previous posts). I take what he says very seriously. I think you both have good points, and I'm kinda somewhere inbetween you two. I think all in all, Microsoft products are decent. After all, I use Windows, and heck, unlike most pros, I use FrontPage. But on the other hand, they have the resources to produce some really kick-butt stuff, so I think they're falling short of their full potential, seemingly out of complacency due to being the undisputed leader in the market.

So, in a sense, you're both right.

Quote:

---

well maybe they could have the firewall default or have a basic configuration mode for those non-savvy users, then have an advanced config available for those of who know what to do with it? Wouldn't that be a way to better fix the problem?

---

Having certain ports open and allowed that the user may not be using anyways? Come on, that's one of the first rules of security, to never do that.


--rolls up his sleeves--

Quote:

---

Absolutely, they could do a whole lot more.. I mean afterall, they've got bazillionz of $'s and happen to be the largest software corporation in the world. You'd think they'd be able to get simple **** like that right especially @ Release Candidate 2... hell there was even one before it.

---

Did you even read my above post as to why they could not release this to the public? Please do so, before continuing, and you will see why they can not do this.

Quote:

---

Pooh, seriously do you work for them?

---

I am a beta tester for MS, and a long time user (Windows 1.1a). I feel that as a user and tester I've gained a decent perspective on how and why they do certain things.

Quote:

---

Their attempts to tighten up security now come too late..

---

Security enhancements can never be too late. If your statement was fact, linux kernel 2.4.2 should have stayed with the trojan someone slipped instead of Linus removing it and improving upon the security of the CVS controller.

Quote:

---

But should I bash them? Could I? Am I allowed to? Of course. I use their products, their OS's. I bitch about them b/c they always act like they're improving something or bettering it and they do it half-assed.

---

You could, but should you? Is your expience with them on the OS level so deep that you can say what can and can now work on a large scale distrobution with millions of end users that most likley have never even heard the term firewall?

Quote:

---

Example A: http://www.securitytracker.com/aler...un/1010550.html <- that MS router vuln is a whole 2 days old! That's progress for them. Usually it's every day and not a whole every-other that there's some IE vuln posted or some XP security flaw.

---

Oh here we go.. don't make me pull out the vunerabilities sitting in Linux distros and the kernel that have been sitting around for months. Every OS has problems, each get to it in their own time.

Quote:

---

I've read plenty of the technical details and whitepapers on this sort of stuff. Have you even ran ICF 2? I have so this is why I feel I'm more than entitled to comment on the subject.

---

I wrote the review on it:

http://www.enterpriseitplanet.com/se...le.php/3318441
http://www.antionline.com/showthread...hreadid=255170

Quote:

---

they don't care about you so why stick up for them and some of their sorry products (not that they all are)?

---

Becuse based on my personal experience with them, I know better.

Microsoft isn't stable enough! waaaa

-----They build in controls to stabilize memory, hal, defragging etc. Puts alot of companies who made those products out of busines...

Microsoft is a monopoly they have too much power there should be more competition. waaaa!

Microsoft doesn't do enough about backups and business continuity. wwaaaa!

-----Microsoft builds in backup ability and enhances it. Putting companies out of business in the process.

Microsoft is a monopoly putting the little guy out of business and forcing us to use their products, by eliminating competition. WAAAA!

Microsoft doesn't do much about security it doesn't have a built in firewal and patch management is shotty. WAAAAAAAAA!

----Microsoft builds in some basic firewalling, no one (with exceptions of course) bothers to enable it or learn it, and they will keep enhancing it, putting more and more people out of business including Zone Alarm eventually and all those patch management companies.

Ohhhh Microsoft is a bad company they keep putting little companies out of busninesss!!!! Why don't they stop??? Waaah.

Microsoft doesn't do anything about virus protections. Waaaa.

----They build in virus protection putting virus companies out of business fueling more anti-corp feelings to the same people who complain and in addition adding to the unrest to belief that the world "order" orchestrates virus infections to further their product line, only now it's Microsoft which is the big bully anyway... and well.... I was attempting some fun. :D

Quote:

---

They build in controls to stabilize memory, hal,

---

HAL? God I can see it now when it is implimented..

"Hello user. How are you feeling today? What are you doing Dave?" -power in the house goes out and suffication is imminient.

Quote:

---

I am a beta tester for MS, and a long time user (Windows 1.1a). I feel that as a user and tester I've gained a decent perspective on how and why they do certain things.

---

I had you pegged for a 'MVP'.

Quote:

---

Security enhancements can never be too late. If your statement was fact, linux kernel 2.4.2 should have stayed with the trojan someone slipped instead of Linus removing it and improving upon the security of the CVS controller.

---

Quote:

---

Their attempts to tighten up security now come too late..

---

Notice how I said "their"?

Quote:

---

Oh here we go.. don't make me pull out the vunerabilities sitting in Linux distros and the kernel that have been sitting around for months. Every OS has problems, each get to it in their own time.

---

Pooh, did you ever think that maybe there's too many distros available to count and that the OS's are opensource and that 99% of the developers don't actually get paid for their work like Micro$oft'$ employee$ do? I don't know too many Linux devs on the payroll. Wait until the next gen of Windows desktop OS's come out and try to be even more Unix-like... wait till many more Windows users use their XP, Longhorn etc. boxes to run servers and nextgen software. It'll be a doozy then. Vuln Valley is what it'll be called.... forget the Silicon.